From 347e7460c1e49ed079cbc38ad784f532f590ef52 Mon Sep 17 00:00:00 2001 From: Milan Bouchet-Valat Date: Tue, 6 Aug 2019 16:54:47 +0200 Subject: [PATCH 1/3] Bump libgit2 to 0.28.2 This allows dropping MbedTLS patches which have been upstreamed. --- deps/Versions.make | 2 +- deps/libgit2.mk | 14 +- deps/libgit2.version | 4 +- deps/patches/libgit2-mbedtls.patch | 952 ---------------------------- deps/patches/libgit2-mbedtls2.patch | 28 - stdlib/LibGit2/test/libgit2.jl | 2 +- 6 files changed, 5 insertions(+), 997 deletions(-) delete mode 100644 deps/patches/libgit2-mbedtls.patch delete mode 100644 deps/patches/libgit2-mbedtls2.patch diff --git a/deps/Versions.make b/deps/Versions.make index bca3f970c0a94..4cd5ad6da3972 100644 --- a/deps/Versions.make +++ b/deps/Versions.make @@ -26,7 +26,7 @@ LIBSSH2_VER = 1.8.2 LIBSSH2_BB_REL = 0 CURL_VER = 7.61.0 CURL_BB_REL = 1 -LIBGIT2_VER = 0.27.7 +LIBGIT2_VER = 0.28.2 LIBGIT2_BB_REL = 1 LIBUV_VER = 1.29.1 LIBUV_BB_REL = 0 diff --git a/deps/libgit2.mk b/deps/libgit2.mk index 845cfba2733dc..d4f8a862c231b 100644 --- a/deps/libgit2.mk +++ b/deps/libgit2.mk @@ -44,24 +44,12 @@ endif LIBGIT2_SRC_PATH := $(SRCCACHE)/$(LIBGIT2_SRC_DIR) -$(LIBGIT2_SRC_PATH)/libgit2-mbedtls.patch-applied: $(SRCCACHE)/$(LIBGIT2_SRC_DIR)/source-extracted - cd $(LIBGIT2_SRC_PATH) && \ - patch -p1 -f < $(SRCDIR)/patches/libgit2-mbedtls.patch - echo 1 > $@ - -$(LIBGIT2_SRC_PATH)/libgit2-mbedtls2.patch-applied: $(SRCCACHE)/$(LIBGIT2_SRC_DIR)/source-extracted | $(LIBGIT2_SRC_PATH)/libgit2-mbedtls.patch-applied - cd $(LIBGIT2_SRC_PATH) && \ - patch -p1 -f < $(SRCDIR)/patches/libgit2-mbedtls2.patch - echo 1 > $@ - -$(LIBGIT2_SRC_PATH)/libgit2-agent-nonfatal.patch-applied: $(LIBGIT2_SRC_PATH)/source-extracted | $(LIBGIT2_SRC_PATH)/libgit2-mbedtls.patch-applied +$(LIBGIT2_SRC_PATH)/libgit2-agent-nonfatal.patch-applied: $(LIBGIT2_SRC_PATH)/source-extracted cd $(LIBGIT2_SRC_PATH) && \ patch -p1 -f < $(SRCDIR)/patches/libgit2-agent-nonfatal.patch echo 1 > $@ $(BUILDDIR)/$(LIBGIT2_SRC_DIR)/build-configured: \ - $(LIBGIT2_SRC_PATH)/libgit2-mbedtls.patch-applied \ - $(LIBGIT2_SRC_PATH)/libgit2-mbedtls2.patch-applied \ $(LIBGIT2_SRC_PATH)/libgit2-agent-nonfatal.patch-applied \ $(BUILDDIR)/$(LIBGIT2_SRC_DIR)/build-configured: $(LIBGIT2_SRC_PATH)/source-extracted diff --git a/deps/libgit2.version b/deps/libgit2.version index d35b0242330b9..f67bedc414176 100644 --- a/deps/libgit2.version +++ b/deps/libgit2.version @@ -1,2 +1,2 @@ -LIBGIT2_BRANCH=v0.27.7 -LIBGIT2_SHA1=f23dc5b29f1394928a940d7ec447f4bfd53dad1f +LIBGIT2_BRANCH=v0.28.2 +LIBGIT2_SHA1=b3e1a56ebb2b9291e82dc027ba9cbcfc3ead54d3 diff --git a/deps/patches/libgit2-mbedtls.patch b/deps/patches/libgit2-mbedtls.patch deleted file mode 100644 index c54a7e78c1e0c..0000000000000 --- a/deps/patches/libgit2-mbedtls.patch +++ /dev/null @@ -1,952 +0,0 @@ -Enables MbedTLS support - -Upstream: https://github.com/libgit2/libgit2/pull/4173 - -NOTE: libgit2 has switched its CI to Azure Pipelines. The aforementioned PR makes modifications -to the Travis YAML file, which has since been removed, causing patch conflicts. That part of -the diff has thus been removed here. - -git diff ca3b2234dc7f1bd0d0f81488d3e29980b47a85b4^..cb2da47e56159faaaf143943c74ffb8f60a988b1 > libgit2-mbedtls.patch - -mbedtls: initial support -mbedtls: proper certificate verification -mbedtls: use libmbedcrypto for hashing -mbedtls: add global initialization -mbedtls: default cipher list support -mbedtls: fix libgit2 hanging due to incomplete writes -mbedtls: enable Travis CI tests -mbedtls: use our own certificate validation -mbedtls: use mbedTLS certificate verification -mbedtls: load default CA certificates -mbedtls: display error codes as hex for consistency with mbedTLS docs -tests: clarify comment -cmake: make our preferred backend ordering consistent -travis: just grab what we need from mbedtls -travis: pass -fPIC when configuring mbedtls - -diff --git a/CMakeLists.txt b/CMakeLists.txt -index 2ca5354a7..9176eee04 100644 ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -48,7 +48,7 @@ OPTION( PROFILE "Generate profiling information" OFF ) - OPTION( ENABLE_TRACE "Enables tracing support" OFF ) - OPTION( LIBGIT2_FILENAME "Name of the produced binary" OFF ) - --SET(SHA1_BACKEND "CollisionDetection" CACHE STRING "Backend to use for SHA1. One of Generic, OpenSSL, Win32, CommonCrypto, CollisionDetection. ") -+SET(SHA1_BACKEND "CollisionDetection" CACHE STRING "Backend to use for SHA1. One of Generic, OpenSSL, Win32, CommonCrypto, mbedTLS, CollisionDetection. ") - OPTION( USE_SSH "Link with libssh to enable SSH support" ON ) - OPTION( USE_HTTPS "Enable HTTPS support. Can be set to a specific backend" ON ) - OPTION( USE_GSSAPI "Link with libgssapi for SPNEGO auth" OFF ) -diff --git a/cmake/Modules/FindmbedTLS.cmake b/cmake/Modules/FindmbedTLS.cmake -new file mode 100644 -index 000000000..93297555e ---- /dev/null -+++ b/cmake/Modules/FindmbedTLS.cmake -@@ -0,0 +1,93 @@ -+# - Try to find mbedTLS -+# Once done this will define -+# -+# Read-Only variables -+# MBEDTLS_FOUND - system has mbedTLS -+# MBEDTLS_INCLUDE_DIR - the mbedTLS include directory -+# MBEDTLS_LIBRARY_DIR - the mbedTLS library directory -+# MBEDTLS_LIBRARIES - Link these to use mbedTLS -+# MBEDTLS_LIBRARY - path to mbedTLS library -+# MBEDX509_LIBRARY - path to mbedTLS X.509 library -+# MBEDCRYPTO_LIBRARY - path to mbedTLS Crypto library -+# -+# Hint -+# MBEDTLS_ROOT_DIR can be pointed to a local mbedTLS installation. -+ -+SET(_MBEDTLS_ROOT_HINTS -+ ${MBEDTLS_ROOT_DIR} -+ ENV MBEDTLS_ROOT_DIR -+) -+ -+SET(_MBEDTLS_ROOT_HINTS_AND_PATHS -+ HINTS ${_MBEDTLS_ROOT_HINTS} -+ PATHS ${_MBEDTLS_ROOT_PATHS} -+) -+ -+FIND_PATH(MBEDTLS_INCLUDE_DIR -+ NAMES mbedtls/version.h -+ ${_MBEDTLS_ROOT_HINTS_AND_PATHS} -+ PATH_SUFFIXES include -+) -+ -+IF(MBEDTLS_INCLUDE_DIR AND MBEDTLS_LIBRARIES) -+ # Already in cache, be silent -+ SET(MBEDTLS_FIND_QUIETLY TRUE) -+ENDIF() -+ -+FIND_LIBRARY(MBEDTLS_LIBRARY -+ NAMES mbedtls libmbedtls -+ ${_MBEDTLS_ROOT_HINTS_AND_PATHS} -+ PATH_SUFFIXES library -+) -+FIND_LIBRARY(MBEDX509_LIBRARY -+ NAMES mbedx509 libmbedx509 -+ ${_MBEDTLS_ROOT_HINTS_AND_PATHS} -+ PATH_SUFFIXES library -+) -+FIND_LIBRARY(MBEDCRYPTO_LIBRARY -+ NAMES mbedcrypto libmbedcrypto -+ ${_MBEDTLS_ROOT_HINTS_AND_PATHS} -+ PATH_SUFFIXES library -+) -+ -+IF(MBEDTLS_INCLUDE_DIR AND MBEDTLS_LIBRARY AND MBEDX509_LIBRARY AND MBEDCRYPTO_LIBRARY) -+ SET(MBEDTLS_FOUND TRUE) -+ENDIF() -+ -+IF(MBEDTLS_FOUND) -+ # split mbedTLS into -L and -l linker options, so we can set them for pkg-config -+ GET_FILENAME_COMPONENT(MBEDTLS_LIBRARY_DIR ${MBEDTLS_LIBRARY} PATH) -+ GET_FILENAME_COMPONENT(MBEDTLS_LIBRARY_FILE ${MBEDTLS_LIBRARY} NAME_WE) -+ GET_FILENAME_COMPONENT(MBEDX509_LIBRARY_FILE ${MBEDX509_LIBRARY} NAME_WE) -+ GET_FILENAME_COMPONENT(MBEDCRYPTO_LIBRARY_FILE ${MBEDCRYPTO_LIBRARY} NAME_WE) -+ STRING(REGEX REPLACE "^lib" "" MBEDTLS_LIBRARY_FILE ${MBEDTLS_LIBRARY_FILE}) -+ STRING(REGEX REPLACE "^lib" "" MBEDX509_LIBRARY_FILE ${MBEDX509_LIBRARY_FILE}) -+ STRING(REGEX REPLACE "^lib" "" MBEDCRYPTO_LIBRARY_FILE ${MBEDCRYPTO_LIBRARY_FILE}) -+ SET(MBEDTLS_LIBRARIES "-L${MBEDTLS_LIBRARY_DIR} -l${MBEDTLS_LIBRARY_FILE} -l${MBEDX509_LIBRARY_FILE} -l${MBEDCRYPTO_LIBRARY_FILE}") -+ -+ IF(NOT MBEDTLS_FIND_QUIETLY) -+ MESSAGE(STATUS "Found mbedTLS:") -+ FILE(READ ${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h MBEDTLSCONTENT) -+ STRING(REGEX MATCH "MBEDTLS_VERSION_STRING +\"[0-9|.]+\"" MBEDTLSMATCH ${MBEDTLSCONTENT}) -+ IF (MBEDTLSMATCH) -+ STRING(REGEX REPLACE "MBEDTLS_VERSION_STRING +\"([0-9|.]+)\"" "\\1" MBEDTLS_VERSION ${MBEDTLSMATCH}) -+ MESSAGE(STATUS " version ${MBEDTLS_VERSION}") -+ ENDIF(MBEDTLSMATCH) -+ MESSAGE(STATUS " TLS: ${MBEDTLS_LIBRARY}") -+ MESSAGE(STATUS " X509: ${MBEDX509_LIBRARY}") -+ MESSAGE(STATUS " Crypto: ${MBEDCRYPTO_LIBRARY}") -+ ENDIF(NOT MBEDTLS_FIND_QUIETLY) -+ELSE(MBEDTLS_FOUND) -+ IF(MBEDTLS_FIND_REQUIRED) -+ MESSAGE(FATAL_ERROR "Could not find mbedTLS") -+ ENDIF(MBEDTLS_FIND_REQUIRED) -+ENDIF(MBEDTLS_FOUND) -+ -+MARK_AS_ADVANCED( -+ MBEDTLS_INCLUDE_DIR -+ MBEDTLS_LIBRARY_DIR -+ MBEDTLS_LIBRARIES -+ MBEDTLS_LIBRARY -+ MBEDX509_LIBRARY -+ MBEDCRYPTO_LIBRARY -+) -diff --git a/script/install-deps-linux.sh b/script/install-deps-linux.sh -new file mode 100755 -index 000000000..99cbde4e0 ---- /dev/null -+++ b/script/install-deps-linux.sh -@@ -0,0 +1,13 @@ -+#!/bin/sh -+ -+set -x -+ -+if [ "$MBEDTLS" ]; then -+ git clone --depth 10 --single-branch --branch mbedtls-2.6.1 https://github.com/ARMmbed/mbedtls.git ./deps/mbedtls -+ cd ./deps/mbedtls -+ # We pass -fPIC explicitely because we'll include it in libgit2.so -+ CFLAGS=-fPIC cmake -DENABLE_PROGRAMS=OFF -DENABLE_TESTING=OFF -DUSE_SHARED_MBEDTLS_LIBRARY=OFF -DUSE_STATIC_MBEDTLS_LIBRARY=ON . -+ cmake --build . -+ -+ echo "mbedTLS built in `pwd`" -+fi -diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt -index b03b96af9..0f5d78547 100644 ---- a/src/CMakeLists.txt -+++ b/src/CMakeLists.txt -@@ -133,6 +133,9 @@ ELSE () - ENDIF() - - IF (USE_HTTPS) -+ # We try to find any packages our backends might use -+ FIND_PACKAGE(OpenSSL) -+ FIND_PACKAGE(mbedTLS) - IF (CMAKE_SYSTEM_NAME MATCHES "Darwin") - FIND_PACKAGE(Security) - FIND_PACKAGE(CoreFoundation) -@@ -149,8 +152,13 @@ IF (USE_HTTPS) - ENDIF() - ELSEIF (WINHTTP) - SET(HTTPS_BACKEND "WinHTTP") -- ELSE() -+ ELSEIF(OPENSSL_FOUND) - SET(HTTPS_BACKEND "OpenSSL") -+ ELSEIF(MBEDTLS_FOUND) -+ SET(HTTPS_BACKEND "mbedTLS") -+ ELSE() -+ MESSAGE(FATAL_ERROR "Unable to autodetect a usable HTTPS backend." -+ "Please pass the backend name explicitly (-DUSE_HTTPS=backend)") - ENDIF() - ELSE() - # Backend was explicitly set -@@ -174,8 +182,6 @@ IF (USE_HTTPS) - LIST(APPEND LIBGIT2_LIBS ${COREFOUNDATION_LIBRARIES} ${SECURITY_LIBRARIES}) - LIST(APPEND LIBGIT2_PC_LIBS ${COREFOUNDATION_LDFLAGS} ${SECURITY_LDFLAGS}) - ELSEIF (HTTPS_BACKEND STREQUAL "OpenSSL") -- FIND_PACKAGE(OpenSSL) -- - IF (NOT OPENSSL_FOUND) - MESSAGE(FATAL_ERROR "Asked for OpenSSL TLS backend, but it wasn't found") - ENDIF() -@@ -185,6 +191,53 @@ IF (USE_HTTPS) - LIST(APPEND LIBGIT2_LIBS ${OPENSSL_LIBRARIES}) - LIST(APPEND LIBGIT2_PC_LIBS ${OPENSSL_LDFLAGS}) - LIST(APPEND LIBGIT2_PC_REQUIRES "openssl") -+ ELSEIF(HTTPS_BACKEND STREQUAL "mbedTLS") -+ IF (NOT MBEDTLS_FOUND) -+ MESSAGE(FATAL_ERROR "Asked for mbedTLS backend, but it wasn't found") -+ ENDIF() -+ -+ IF(NOT CERT_LOCATION) -+ MESSAGE("Auto-detecting default certificates location") -+ IF(CMAKE_SYSTEM_NAME MATCHES Darwin) -+ # Check for an Homebrew installation -+ SET(OPENSSL_CMD "/usr/local/opt/openssl/bin/openssl") -+ ELSE() -+ SET(OPENSSL_CMD "openssl") -+ ENDIF() -+ EXECUTE_PROCESS(COMMAND ${OPENSSL_CMD} version -d OUTPUT_VARIABLE OPENSSL_DIR OUTPUT_STRIP_TRAILING_WHITESPACE) -+ IF(OPENSSL_DIR) -+ STRING(REGEX REPLACE "^OPENSSLDIR: \"(.*)\"$" "\\1/" OPENSSL_DIR ${OPENSSL_DIR}) -+ -+ SET(OPENSSL_CA_LOCATIONS -+ "ca-bundle.pem" # OpenSUSE Leap 42.1 -+ "cert.pem" # Ubuntu 14.04, FreeBSD -+ "certs/ca-certificates.crt" # Ubuntu 16.04 -+ "certs/ca.pem" # Debian 7 -+ ) -+ FOREACH(SUFFIX IN LISTS OPENSSL_CA_LOCATIONS) -+ SET(LOC "${OPENSSL_DIR}${SUFFIX}") -+ IF(NOT CERT_LOCATION AND EXISTS "${OPENSSL_DIR}${SUFFIX}") -+ SET(CERT_LOCATION ${LOC}) -+ ENDIF() -+ ENDFOREACH() -+ ELSE() -+ MESSAGE("Unable to find OpenSSL executable. Please provide default certificate location via CERT_LOCATION") -+ ENDIF() -+ ENDIF() -+ -+ IF(CERT_LOCATION) -+ IF(NOT EXISTS ${CERT_LOCATION}) -+ MESSAGE(FATAL_ERROR "Cannot use CERT_LOCATION=${CERT_LOCATION} as it doesn't exist") -+ ENDIF() -+ ADD_FEATURE_INFO(CERT_LOCATION ON "using certificates from ${CERT_LOCATION}") -+ ADD_DEFINITIONS(-DGIT_DEFAULT_CERT_LOCATION="${CERT_LOCATION}") -+ ENDIF() -+ -+ SET(GIT_MBEDTLS 1) -+ LIST(APPEND LIBGIT2_INCLUDES ${MBEDTLS_INCLUDE_DIR}) -+ LIST(APPEND LIBGIT2_LIBS ${MBEDTLS_LIBRARIES}) -+ LIST(APPEND LIBGIT2_PC_LIBS ${MBEDTLS_LDFLAGS}) -+ LIST(APPEND LIBGIT2_PC_REQUIRES "mbedtls") - ELSEIF (HTTPS_BACKEND STREQUAL "WinHTTP") - # WinHTTP setup was handled in the WinHTTP-specific block above - ELSE() -@@ -230,6 +283,11 @@ ELSEIF(SHA1_BACKEND STREQUAL "Win32") - ELSEIF(SHA1_BACKEND STREQUAL "CommonCrypto") - ADD_FEATURE_INFO(SHA ON "using CommonCrypto") - SET(GIT_SHA1_COMMON_CRYPTO 1) -+ELSEIF (SHA1_BACKEND STREQUAL "mbedTLS") -+ ADD_FEATURE_INFO(SHA ON "using mbedTLS") -+ SET(GIT_SHA1_MBEDTLS 1) -+ FILE(GLOB SRC_SHA1 src/hash/hash_mbedtls.c) -+ LIST(APPEND LIBGIT2_PC_REQUIRES "mbedtls") - ELSE() - MESSAGE(FATAL_ERROR "Asked for unknown SHA1 backend ${SHA1_BACKEND}") - ENDIF() -diff --git a/src/features.h.in b/src/features.h.in -index e03b7a251..f414c5843 100644 ---- a/src/features.h.in -+++ b/src/features.h.in -@@ -27,10 +27,12 @@ - #cmakedefine GIT_HTTPS 1 - #cmakedefine GIT_OPENSSL 1 - #cmakedefine GIT_SECURE_TRANSPORT 1 -+#cmakedefine GIT_MBEDTLS 1 - - #cmakedefine GIT_SHA1_COLLISIONDETECT 1 - #cmakedefine GIT_SHA1_WIN32 1 - #cmakedefine GIT_SHA1_COMMON_CRYPTO 1 - #cmakedefine GIT_SHA1_OPENSSL 1 -+#cmakedefine GIT_SHA1_MBEDTLS 1 - - #endif -diff --git a/src/global.c b/src/global.c -index 2f9b45bcd..02aedf57d 100644 ---- a/src/global.c -+++ b/src/global.c -@@ -12,6 +12,7 @@ - #include "filter.h" - #include "merge_driver.h" - #include "streams/curl.h" -+#include "streams/mbedtls.h" - #include "streams/openssl.h" - #include "thread-utils.h" - #include "git2/global.h" -@@ -65,7 +66,8 @@ static int init_common(void) - (ret = git_merge_driver_global_init()) == 0 && - (ret = git_transport_ssh_global_init()) == 0 && - (ret = git_openssl_stream_global_init()) == 0 && -- (ret = git_curl_stream_global_init()) == 0) -+ (ret = git_curl_stream_global_init()) == 0 && -+ (ret = git_mbedtls_stream_global_init()) == 0) - ret = git_mwindow_global_init(); - - GIT_MEMORY_BARRIER; -diff --git a/src/hash.h b/src/hash.h -index 31eaf8889..93765adf3 100644 ---- a/src/hash.h -+++ b/src/hash.h -@@ -26,6 +26,8 @@ void git_hash_ctx_cleanup(git_hash_ctx *ctx); - # include "hash/hash_openssl.h" - #elif defined(GIT_SHA1_WIN32) - # include "hash/hash_win32.h" -+#elif defined(GIT_SHA1_MBEDTLS) -+# include "hash/hash_mbedtls.h" - #else - # include "hash/hash_generic.h" - #endif -diff --git a/src/hash/hash_mbedtls.c b/src/hash/hash_mbedtls.c -new file mode 100644 -index 000000000..a19d76308 ---- /dev/null -+++ b/src/hash/hash_mbedtls.c -@@ -0,0 +1,38 @@ -+/* -+ * Copyright (C) the libgit2 contributors. All rights reserved. -+ * -+ * This file is part of libgit2, distributed under the GNU GPL v2 with -+ * a Linking Exception. For full terms see the included COPYING file. -+ */ -+ -+#include "common.h" -+#include "hash.h" -+#include "hash/hash_mbedtls.h" -+ -+void git_hash_ctx_cleanup(git_hash_ctx *ctx) -+{ -+ assert(ctx); -+ mbedtls_sha1_free(&ctx->c); -+} -+ -+int git_hash_init(git_hash_ctx *ctx) -+{ -+ assert(ctx); -+ mbedtls_sha1_init(&ctx->c); -+ mbedtls_sha1_starts(&ctx->c); -+ return 0; -+} -+ -+int git_hash_update(git_hash_ctx *ctx, const void *data, size_t len) -+{ -+ assert(ctx); -+ mbedtls_sha1_update(&ctx->c, data, len); -+ return 0; -+} -+ -+int git_hash_final(git_oid *out, git_hash_ctx *ctx) -+{ -+ assert(ctx); -+ mbedtls_sha1_finish(&ctx->c, out->id); -+ return 0; -+} -diff --git a/src/hash/hash_mbedtls.h b/src/hash/hash_mbedtls.h -new file mode 100644 -index 000000000..24196c5bf ---- /dev/null -+++ b/src/hash/hash_mbedtls.h -@@ -0,0 +1,20 @@ -+/* -+ * Copyright (C) the libgit2 contributors. All rights reserved. -+ * -+ * This file is part of libgit2, distributed under the GNU GPL v2 with -+ * a Linking Exception. For full terms see the included COPYING file. -+ */ -+ -+#ifndef INCLUDE_hash_mbedtld_h__ -+#define INCLUDE_hash_mbedtld_h__ -+ -+#include -+ -+struct git_hash_ctx { -+ mbedtls_sha1_context c; -+}; -+ -+#define git_hash_global_init() 0 -+#define git_hash_ctx_init(ctx) git_hash_init(ctx) -+ -+#endif /* INCLUDE_hash_mbedtld_h__ */ -diff --git a/src/settings.c b/src/settings.c -index 2a52ffbf6..f6bc5b270 100644 ---- a/src/settings.c -+++ b/src/settings.c -@@ -11,6 +11,10 @@ - # include - #endif - -+#ifdef GIT_MBEDTLS -+# include -+#endif -+ - #include - #include "sysdir.h" - #include "cache.h" -@@ -20,6 +24,7 @@ - #include "refs.h" - #include "transports/smart.h" - #include "streams/openssl.h" -+#include "streams/mbedtls.h" - - void git_libgit2_version(int *major, int *minor, int *rev) - { -@@ -175,6 +180,15 @@ int git_libgit2_opts(int key, ...) - const char *path = va_arg(ap, const char *); - error = git_openssl__set_cert_location(file, path); - } -+#elif defined(GIT_MBEDTLS) -+ { -+ const char *file = va_arg(ap, const char *); -+ const char *path = va_arg(ap, const char *); -+ if (file) -+ error = git_mbedtls__set_cert_location(file, 0); -+ if (error && path) -+ error = git_mbedtls__set_cert_location(path, 1); -+ } - #else - giterr_set(GITERR_SSL, "TLS backend doesn't support certificate locations"); - error = -1; -@@ -199,7 +213,7 @@ int git_libgit2_opts(int key, ...) - break; - - case GIT_OPT_SET_SSL_CIPHERS: --#ifdef GIT_OPENSSL -+#if (GIT_OPENSSL || GIT_MBEDTLS) - { - git__free(git__ssl_ciphers); - git__ssl_ciphers = git__strdup(va_arg(ap, const char *)); -diff --git a/src/streams/mbedtls.c b/src/streams/mbedtls.c -new file mode 100644 -index 000000000..0a49a36a6 ---- /dev/null -+++ b/src/streams/mbedtls.c -@@ -0,0 +1,452 @@ -+/* -+ * Copyright (C) the libgit2 contributors. All rights reserved. -+ * -+ * This file is part of libgit2, distributed under the GNU GPL v2 with -+ * a Linking Exception. For full terms see the included COPYING file. -+ */ -+ -+#include "streams/mbedtls.h" -+ -+#ifdef GIT_MBEDTLS -+ -+#include -+ -+#include "global.h" -+#include "stream.h" -+#include "streams/socket.h" -+#include "netops.h" -+#include "git2/transport.h" -+#include "util.h" -+ -+#ifdef GIT_CURL -+# include "streams/curl.h" -+#endif -+ -+#ifndef GIT_DEFAULT_CERT_LOCATION -+#define GIT_DEFAULT_CERT_LOCATION NULL -+#endif -+ -+#include -+#include -+#include -+#include -+#include -+ -+mbedtls_ssl_config *git__ssl_conf; -+mbedtls_entropy_context *mbedtls_entropy; -+ -+#define GIT_SSL_DEFAULT_CIPHERS "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-DSS-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-DSS-WITH-AES-256-GCM-SHA384:TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256:TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA:TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA:TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384:TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384:TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA:TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-DSS-WITH-AES-128-CBC-SHA256:TLS-DHE-DSS-WITH-AES-256-CBC-SHA256:TLS-DHE-DSS-WITH-AES-128-CBC-SHA:TLS-DHE-DSS-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-AES-128-GCM-SHA256:TLS-RSA-WITH-AES-256-GCM-SHA384:TLS-RSA-WITH-AES-128-CBC-SHA256:TLS-RSA-WITH-AES-256-CBC-SHA256:TLS-RSA-WITH-AES-128-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA" -+#define GIT_SSL_DEFAULT_CIPHERS_COUNT 30 -+ -+/** -+ * This function aims to clean-up the SSL context which -+ * we allocated. -+ */ -+static void shutdown_ssl(void) -+{ -+ if (git__ssl_conf) { -+ mbedtls_x509_crt_free(git__ssl_conf->ca_chain); -+ git__free(git__ssl_conf->ca_chain); -+ mbedtls_ctr_drbg_free(git__ssl_conf->p_rng); -+ git__free(git__ssl_conf->p_rng); -+ mbedtls_ssl_config_free(git__ssl_conf); -+ git__free(git__ssl_conf); -+ git__ssl_conf = NULL; -+ } -+ if (mbedtls_entropy) { -+ mbedtls_entropy_free(mbedtls_entropy); -+ git__free(mbedtls_entropy); -+ mbedtls_entropy = NULL; -+ } -+} -+ -+int git_mbedtls__set_cert_location(const char *path, int is_dir); -+ -+int git_mbedtls_stream_global_init(void) -+{ -+ int loaded = 0; -+ char *crtpath = GIT_DEFAULT_CERT_LOCATION; -+ struct stat statbuf; -+ mbedtls_ctr_drbg_context *ctr_drbg = NULL; -+ -+ int *ciphers_list = NULL; -+ int ciphers_known = 0; -+ char *cipher_name = NULL; -+ char *cipher_string = NULL; -+ char *cipher_string_tmp = NULL; -+ -+ mbedtls_x509_crt *cacert = NULL; -+ -+ git__ssl_conf = git__malloc(sizeof(mbedtls_ssl_config)); -+ mbedtls_ssl_config_init(git__ssl_conf); -+ if (mbedtls_ssl_config_defaults(git__ssl_conf, -+ MBEDTLS_SSL_IS_CLIENT, -+ MBEDTLS_SSL_TRANSPORT_STREAM, -+ MBEDTLS_SSL_PRESET_DEFAULT) != 0) { -+ giterr_set(GITERR_SSL, "failed to initialize mbedTLS"); -+ goto cleanup; -+ } -+ -+ /* configure TLSv1 */ -+ mbedtls_ssl_conf_min_version(git__ssl_conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0); -+ -+ /* verify_server_cert is responsible for making the check. -+ * OPTIONAL because REQUIRED drops the certificate as soon as the check -+ * is made, so we can never see the certificate and override it. */ -+ mbedtls_ssl_conf_authmode(git__ssl_conf, MBEDTLS_SSL_VERIFY_OPTIONAL); -+ -+ /* set the list of allowed ciphersuites */ -+ ciphers_list = calloc(GIT_SSL_DEFAULT_CIPHERS_COUNT, sizeof(int)); -+ ciphers_known = 0; -+ cipher_string = cipher_string_tmp = git__strdup(GIT_SSL_DEFAULT_CIPHERS); -+ while ((cipher_name = git__strtok(&cipher_string_tmp, ":")) != NULL) { -+ int cipherid = mbedtls_ssl_get_ciphersuite_id(cipher_name); -+ if (cipherid == 0) continue; -+ -+ ciphers_list[ciphers_known++] = cipherid; -+ } -+ git__free(cipher_string); -+ -+ if (!ciphers_known) { -+ giterr_set(GITERR_SSL, "no cipher could be enabled"); -+ goto cleanup; -+ } -+ mbedtls_ssl_conf_ciphersuites(git__ssl_conf, ciphers_list); -+ -+ /* Seeding the random number generator */ -+ mbedtls_entropy = git__malloc(sizeof(mbedtls_entropy_context)); -+ mbedtls_entropy_init(mbedtls_entropy); -+ -+ ctr_drbg = git__malloc(sizeof(mbedtls_ctr_drbg_context)); -+ mbedtls_ctr_drbg_init(ctr_drbg); -+ if (mbedtls_ctr_drbg_seed(ctr_drbg, -+ mbedtls_entropy_func, -+ mbedtls_entropy, NULL, 0) != 0) { -+ giterr_set(GITERR_SSL, "failed to initialize mbedTLS entropy pool"); -+ goto cleanup; -+ } -+ -+ mbedtls_ssl_conf_rng(git__ssl_conf, mbedtls_ctr_drbg_random, ctr_drbg); -+ -+ /* load default certificates */ -+ if (crtpath != NULL && stat(crtpath, &statbuf) == 0 && S_ISREG(statbuf.st_mode)) -+ loaded = (git_mbedtls__set_cert_location(crtpath, 0) == 0); -+ if (!loaded && crtpath != NULL && stat(crtpath, &statbuf) == 0 && S_ISDIR(statbuf.st_mode)) -+ loaded = (git_mbedtls__set_cert_location(crtpath, 1) == 0); -+ -+ git__on_shutdown(shutdown_ssl); -+ -+ return 0; -+ -+cleanup: -+ mbedtls_x509_crt_free(cacert); -+ git__free(cacert); -+ mbedtls_ctr_drbg_free(ctr_drbg); -+ git__free(ctr_drbg); -+ mbedtls_ssl_config_free(git__ssl_conf); -+ git__free(git__ssl_conf); -+ git__ssl_conf = NULL; -+ -+ return -1; -+} -+ -+mbedtls_ssl_config *git__ssl_conf; -+ -+static int bio_read(void *b, unsigned char *buf, size_t len) -+{ -+ git_stream *io = (git_stream *) b; -+ return (int) git_stream_read(io, buf, len); -+} -+ -+static int bio_write(void *b, const unsigned char *buf, size_t len) -+{ -+ git_stream *io = (git_stream *) b; -+ return (int) git_stream_write(io, (const char *)buf, len, 0); -+} -+ -+static int ssl_set_error(mbedtls_ssl_context *ssl, int error) -+{ -+ char errbuf[512]; -+ int ret = -1; -+ -+ assert(error != MBEDTLS_ERR_SSL_WANT_READ); -+ assert(error != MBEDTLS_ERR_SSL_WANT_WRITE); -+ -+ if (error != 0) -+ mbedtls_strerror( error, errbuf, 512 ); -+ -+ switch(error) { -+ case 0: -+ giterr_set(GITERR_SSL, "SSL error: unknown error"); -+ break; -+ -+ case MBEDTLS_ERR_X509_CERT_VERIFY_FAILED: -+ giterr_set(GITERR_SSL, "SSL error: %#04x [%x] - %s", error, ssl->session_negotiate->verify_result, errbuf); -+ ret = GIT_ECERTIFICATE; -+ break; -+ -+ default: -+ giterr_set(GITERR_SSL, "SSL error: %#04x - %s", error, errbuf); -+ } -+ -+ return ret; -+} -+ -+static int ssl_teardown(mbedtls_ssl_context *ssl) -+{ -+ int ret = 0; -+ -+ ret = mbedtls_ssl_close_notify(ssl); -+ if (ret < 0) -+ ret = ssl_set_error(ssl, ret); -+ -+ mbedtls_ssl_free(ssl); -+ return ret; -+} -+ -+static int verify_server_cert(mbedtls_ssl_context *ssl) -+{ -+ int ret = -1; -+ -+ if ((ret = mbedtls_ssl_get_verify_result(ssl)) != 0) { -+ char vrfy_buf[512]; -+ int len = mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), "", ret); -+ if (len >= 1) vrfy_buf[len - 1] = '\0'; /* Remove trailing \n */ -+ giterr_set(GITERR_SSL, "the SSL certificate is invalid: %#04x - %s", ret, vrfy_buf); -+ return GIT_ECERTIFICATE; -+ } -+ -+ return 0; -+} -+ -+typedef struct { -+ git_stream parent; -+ git_stream *io; -+ bool connected; -+ char *host; -+ mbedtls_ssl_context *ssl; -+ git_cert_x509 cert_info; -+} mbedtls_stream; -+ -+ -+int mbedtls_connect(git_stream *stream) -+{ -+ int ret; -+ mbedtls_stream *st = (mbedtls_stream *) stream; -+ -+ if ((ret = git_stream_connect(st->io)) < 0) -+ return ret; -+ -+ st->connected = true; -+ -+ mbedtls_ssl_set_hostname(st->ssl, st->host); -+ -+ mbedtls_ssl_set_bio(st->ssl, st->io, bio_write, bio_read, NULL); -+ -+ if ((ret = mbedtls_ssl_handshake(st->ssl)) != 0) -+ return ssl_set_error(st->ssl, ret); -+ -+ return verify_server_cert(st->ssl); -+} -+ -+int mbedtls_certificate(git_cert **out, git_stream *stream) -+{ -+ unsigned char *encoded_cert; -+ mbedtls_stream *st = (mbedtls_stream *) stream; -+ -+ const mbedtls_x509_crt *cert = mbedtls_ssl_get_peer_cert(st->ssl); -+ if (!cert) { -+ giterr_set(GITERR_SSL, "the server did not provide a certificate"); -+ return -1; -+ } -+ -+ /* Retrieve the length of the certificate first */ -+ if (cert->raw.len == 0) { -+ giterr_set(GITERR_NET, "failed to retrieve certificate information"); -+ return -1; -+ } -+ -+ encoded_cert = git__malloc(cert->raw.len); -+ GITERR_CHECK_ALLOC(encoded_cert); -+ memcpy(encoded_cert, cert->raw.p, cert->raw.len); -+ -+ st->cert_info.parent.cert_type = GIT_CERT_X509; -+ st->cert_info.data = encoded_cert; -+ st->cert_info.len = cert->raw.len; -+ -+ *out = &st->cert_info.parent; -+ -+ return 0; -+} -+ -+static int mbedtls_set_proxy(git_stream *stream, const git_proxy_options *proxy_options) -+{ -+ mbedtls_stream *st = (mbedtls_stream *) stream; -+ -+ return git_stream_set_proxy(st->io, proxy_options); -+} -+ -+ssize_t mbedtls_stream_write(git_stream *stream, const char *data, size_t len, int flags) -+{ -+ size_t read = 0; -+ mbedtls_stream *st = (mbedtls_stream *) stream; -+ -+ GIT_UNUSED(flags); -+ -+ do { -+ int error = mbedtls_ssl_write(st->ssl, (const unsigned char *)data + read, len - read); -+ if (error <= 0) { -+ return ssl_set_error(st->ssl, error); -+ } -+ read += error; -+ } while (read < len); -+ -+ return read; -+} -+ -+ssize_t mbedtls_stream_read(git_stream *stream, void *data, size_t len) -+{ -+ mbedtls_stream *st = (mbedtls_stream *) stream; -+ int ret; -+ -+ if ((ret = mbedtls_ssl_read(st->ssl, (unsigned char *)data, len)) <= 0) -+ ssl_set_error(st->ssl, ret); -+ -+ return ret; -+} -+ -+int mbedtls_stream_close(git_stream *stream) -+{ -+ mbedtls_stream *st = (mbedtls_stream *) stream; -+ int ret = 0; -+ -+ if (st->connected && (ret = ssl_teardown(st->ssl)) != 0) -+ return -1; -+ -+ st->connected = false; -+ -+ return git_stream_close(st->io); -+} -+ -+void mbedtls_stream_free(git_stream *stream) -+{ -+ mbedtls_stream *st = (mbedtls_stream *) stream; -+ -+ git__free(st->host); -+ git__free(st->cert_info.data); -+ git_stream_free(st->io); -+ git__free(st->ssl); -+ git__free(st); -+} -+ -+int git_mbedtls_stream_new(git_stream **out, const char *host, const char *port) -+{ -+ int error; -+ mbedtls_stream *st; -+ -+ st = git__calloc(1, sizeof(mbedtls_stream)); -+ GITERR_CHECK_ALLOC(st); -+ -+#ifdef GIT_CURL -+ error = git_curl_stream_new(&st->io, host, port); -+#else -+ error = git_socket_stream_new(&st->io, host, port); -+#endif -+ -+ if (error < 0) -+ goto out_err; -+ -+ st->ssl = git__malloc(sizeof(mbedtls_ssl_context)); -+ GITERR_CHECK_ALLOC(st->ssl); -+ mbedtls_ssl_init(st->ssl); -+ if (mbedtls_ssl_setup(st->ssl, git__ssl_conf)) { -+ giterr_set(GITERR_SSL, "failed to create ssl object"); -+ error = -1; -+ goto out_err; -+ } -+ -+ st->host = git__strdup(host); -+ GITERR_CHECK_ALLOC(st->host); -+ -+ st->parent.version = GIT_STREAM_VERSION; -+ st->parent.encrypted = 1; -+ st->parent.proxy_support = git_stream_supports_proxy(st->io); -+ st->parent.connect = mbedtls_connect; -+ st->parent.certificate = mbedtls_certificate; -+ st->parent.set_proxy = mbedtls_set_proxy; -+ st->parent.read = mbedtls_stream_read; -+ st->parent.write = mbedtls_stream_write; -+ st->parent.close = mbedtls_stream_close; -+ st->parent.free = mbedtls_stream_free; -+ -+ *out = (git_stream *) st; -+ return 0; -+ -+out_err: -+ mbedtls_ssl_free(st->ssl); -+ git_stream_free(st->io); -+ git__free(st); -+ -+ return error; -+} -+ -+int git_mbedtls__set_cert_location(const char *path, int is_dir) -+{ -+ int ret = 0; -+ char errbuf[512]; -+ mbedtls_x509_crt *cacert; -+ -+ assert(path != NULL); -+ -+ cacert = git__malloc(sizeof(mbedtls_x509_crt)); -+ mbedtls_x509_crt_init(cacert); -+ if (is_dir) { -+ ret = mbedtls_x509_crt_parse_path(cacert, path); -+ } else { -+ ret = mbedtls_x509_crt_parse_file(cacert, path); -+ } -+ /* mbedtls_x509_crt_parse_path returns the number of invalid certs on success */ -+ if (ret < 0) { -+ mbedtls_x509_crt_free(cacert); -+ git__free(cacert); -+ mbedtls_strerror( ret, errbuf, 512 ); -+ giterr_set(GITERR_SSL, "failed to load CA certificates: %#04x - %s", ret, errbuf); -+ return -1; -+ } -+ -+ mbedtls_x509_crt_free(git__ssl_conf->ca_chain); -+ git__free(git__ssl_conf->ca_chain); -+ mbedtls_ssl_conf_ca_chain(git__ssl_conf, cacert, NULL); -+ -+ return 0; -+} -+ -+#else -+ -+#include "stream.h" -+ -+int git_mbedtls_stream_global_init(void) -+{ -+ return 0; -+} -+ -+int git_mbedtls_stream_new(git_stream **out, const char *host, const char *port) -+{ -+ GIT_UNUSED(out); -+ GIT_UNUSED(host); -+ GIT_UNUSED(port); -+ -+ giterr_set(GITERR_SSL, "mbedTLS is not supported in this version"); -+ return -1; -+} -+ -+int git_mbedtls__set_cert_location(const char *path, int is_dir) -+{ -+ GIT_UNUSED(path); -+ GIT_UNUSED(is_dir); -+ -+ giterr_set(GITERR_SSL, "mbedTLS is not supported in this version"); -+ return -1; -+} -+ -+#endif -diff --git a/src/streams/mbedtls.h b/src/streams/mbedtls.h -new file mode 100644 -index 000000000..7283698ff ---- /dev/null -+++ b/src/streams/mbedtls.h -@@ -0,0 +1,20 @@ -+/* -+ * Copyright (C) the libgit2 contributors. All rights reserved. -+ * -+ * This file is part of libgit2, distributed under the GNU GPL v2 with -+ * a Linking Exception. For full terms see the included COPYING file. -+ */ -+#ifndef INCLUDE_steams_mbedtls_h__ -+#define INCLUDE_steams_mbedtls_h__ -+ -+#include "common.h" -+ -+#include "git2/sys/stream.h" -+ -+extern int git_mbedtls_stream_global_init(void); -+ -+extern int git_mbedtls_stream_new(git_stream **out, const char *host, const char *port); -+ -+extern int git_mbedtls__set_cert_location(const char *path, int is_dir); -+ -+#endif -diff --git a/src/streams/tls.c b/src/streams/tls.c -index d6ca7d40d..1bcb0d984 100644 ---- a/src/streams/tls.c -+++ b/src/streams/tls.c -@@ -9,6 +9,7 @@ - - #include "git2/errors.h" - -+#include "streams/mbedtls.h" - #include "streams/openssl.h" - #include "streams/stransport.h" - -@@ -31,6 +32,8 @@ int git_tls_stream_new(git_stream **out, const char *host, const char *port) - return git_stransport_stream_new(out, host, port); - #elif defined(GIT_OPENSSL) - return git_openssl_stream_new(out, host, port); -+#elif defined(GIT_MBEDTLS) -+ return git_mbedtls_stream_new(out, host, port); - #else - GIT_UNUSED(out); - GIT_UNUSED(host); -diff --git a/tests/core/stream.c b/tests/core/stream.c -index 9bed4ae27..262888b10 100644 ---- a/tests/core/stream.c -+++ b/tests/core/stream.c -@@ -33,9 +33,8 @@ void test_core_stream__register_tls(void) - cl_git_pass(git_stream_register_tls(NULL)); - error = git_tls_stream_new(&stream, "localhost", "443"); - -- /* We don't have arbitrary TLS stream support on Windows -- * or when openssl support is disabled (except on OSX -- * with Security framework). -+ /* We don't have TLS support enabled, or we're on Windows, -+ * which has no arbitrary TLS stream support. - */ - #if defined(GIT_WIN32) || !defined(GIT_HTTPS) - cl_git_fail_with(-1, error); diff --git a/deps/patches/libgit2-mbedtls2.patch b/deps/patches/libgit2-mbedtls2.patch deleted file mode 100644 index 2bc02a3725411..0000000000000 --- a/deps/patches/libgit2-mbedtls2.patch +++ /dev/null @@ -1,28 +0,0 @@ -Fixes mbedTLS support to link properly and not include libssl.so - -Tracked in upstream PR https://github.com/libgit2/libgit2/pull/4678 - -NOTE: libgit2 has switched its CI to Azure Pipelines. The aforementioned PR makes modifications -to the Travis YAML file, which has since been removed, causing patch conflicts. That part of -the diff has thus been removed here. - -diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt -index 2b82bb325..2deed5f87 100644 ---- a/src/CMakeLists.txt -+++ b/src/CMakeLists.txt -@@ -284,8 +284,13 @@ ELSEIF(SHA1_BACKEND STREQUAL "CommonCrypto") - ELSEIF (SHA1_BACKEND STREQUAL "mbedTLS") - ADD_FEATURE_INFO(SHA ON "using mbedTLS") - SET(GIT_SHA1_MBEDTLS 1) -- FILE(GLOB SRC_SHA1 src/hash/hash_mbedtls.c) -- LIST(APPEND LIBGIT2_PC_REQUIRES "mbedtls") -+ FILE(GLOB SRC_SHA1 hash/hash_mbedtls.c) -+ LIST(APPEND LIBGIT2_INCLUDES ${MBEDTLS_INCLUDE_DIR}) -+ LIST(APPEND LIBGIT2_LIBS ${MBEDTLS_LIBRARIES}) -+ # mbedTLS has no pkgconfig file, hence we can't require it -+ # https://github.com/ARMmbed/mbedtls/issues/228 -+ # For now, pass its link flags as our own -+ LIST(APPEND LIBGIT2_PC_LIBS ${MBEDTLS_LIBRARIES}) - ELSE() - MESSAGE(FATAL_ERROR "Asked for unknown SHA1 backend ${SHA1_BACKEND}") - ENDIF() diff --git a/stdlib/LibGit2/test/libgit2.jl b/stdlib/LibGit2/test/libgit2.jl index 4f0de2131fc5e..7900a1c0162a7 100644 --- a/stdlib/LibGit2/test/libgit2.jl +++ b/stdlib/LibGit2/test/libgit2.jl @@ -1933,7 +1933,7 @@ mktempdir() do dir LibGit2.set!(cfg, "credential.useHttpPath", "true") LibGit2.set!(cfg, "credential.https://github.com.useHttpPath", "false") - @test !LibGit2.use_http_path(cfg, github_cred) + @test_broken !LibGit2.use_http_path(cfg, github_cred) @test LibGit2.use_http_path(cfg, mygit_cred) Base.shred!(github_cred) From 1f64030523a68bdf3f0a29e490d56cf4a0172b9b Mon Sep 17 00:00:00 2001 From: Milan Bouchet-Valat Date: Wed, 7 Aug 2019 16:13:50 +0200 Subject: [PATCH 2/3] Fix test --- stdlib/LibGit2/src/gitcredential.jl | 8 ++++++-- stdlib/LibGit2/test/libgit2.jl | 2 +- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/stdlib/LibGit2/src/gitcredential.jl b/stdlib/LibGit2/src/gitcredential.jl index 09c70d7d73bd5..a0504b1c3dd85 100644 --- a/stdlib/LibGit2/src/gitcredential.jl +++ b/stdlib/LibGit2/src/gitcredential.jl @@ -263,6 +263,7 @@ function default_username(cfg::GitConfig, cred::GitCredential) end function use_http_path(cfg::GitConfig, cred::GitCredential) + seen_specific = false use_path = false # Default is to ignore the path # https://git-scm.com/docs/gitcredentials#gitcredentials-useHttpPath @@ -272,8 +273,11 @@ function use_http_path(cfg::GitConfig, cred::GitCredential) for entry in GitConfigIter(cfg, r"credential.*\.usehttppath") section, url, name, value = split_cfg_entry(entry) - ismatch(url, cred) || continue - use_path = value == "true" + # Ignore global configuration if we have already encountered more specific entry + if ismatch(url, cred) && (!isempty(url) || !seen_specific) + seen_specific = !isempty(url) + use_path = value == "true" + end end return use_path diff --git a/stdlib/LibGit2/test/libgit2.jl b/stdlib/LibGit2/test/libgit2.jl index 7900a1c0162a7..4f0de2131fc5e 100644 --- a/stdlib/LibGit2/test/libgit2.jl +++ b/stdlib/LibGit2/test/libgit2.jl @@ -1933,7 +1933,7 @@ mktempdir() do dir LibGit2.set!(cfg, "credential.useHttpPath", "true") LibGit2.set!(cfg, "credential.https://github.com.useHttpPath", "false") - @test_broken !LibGit2.use_http_path(cfg, github_cred) + @test !LibGit2.use_http_path(cfg, github_cred) @test LibGit2.use_http_path(cfg, mygit_cred) Base.shred!(github_cred) From 18a5a8b8b1f315585cdb980bb4a969cf906efc86 Mon Sep 17 00:00:00 2001 From: Milan Bouchet-Valat Date: Sun, 11 Aug 2019 21:12:49 +0200 Subject: [PATCH 3/3] Fix download --- deps/Versions.make | 2 +- deps/libgit2.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/deps/Versions.make b/deps/Versions.make index 4cd5ad6da3972..2f94b13452380 100644 --- a/deps/Versions.make +++ b/deps/Versions.make @@ -27,7 +27,7 @@ LIBSSH2_BB_REL = 0 CURL_VER = 7.61.0 CURL_BB_REL = 1 LIBGIT2_VER = 0.28.2 -LIBGIT2_BB_REL = 1 +LIBGIT2_BB_REL = 0 LIBUV_VER = 1.29.1 LIBUV_BB_REL = 0 OBJCONV_VER = 2.49.0 diff --git a/deps/libgit2.mk b/deps/libgit2.mk index d4f8a862c231b..ae634542b0633 100644 --- a/deps/libgit2.mk +++ b/deps/libgit2.mk @@ -97,7 +97,7 @@ $(build_prefix)/manifest/libgit2: $(build_datarootdir)/julia/cert.pem # use libg else # USE_BINARYBUILDER_LIBGIT2 -LIBGIT2_BB_URL_BASE := https://github.com/JuliaPackaging/Yggdrasil/releases/download/LibGit2-v$(LIBGIT2_VER)-$(LIBGIT2_BB_REL) +LIBGIT2_BB_URL_BASE := https://github.com/JuliaPackaging/Yggdrasil/releases/download/LibGit2-v$(LIBGIT2_VER)+$(LIBGIT2_BB_REL) LIBGIT2_BB_NAME := LibGit2.v$(LIBGIT2_VER) $(eval $(call bb-install,libgit2,LIBGIT2,false))